LinuxQuestions.org
Old 10-20-2005, 12:32 AM   #1
jun_tuko
Member
 
Registered: Oct 2005
Location: Seattle, WA
Distribution: Fedora Core 4
Posts: 67

Rep: Reputation: 15
Help on IPTABLES on Fedora Core 4 Firewall


Hello,
I need help from you gurus. I am new to Linux and just recently installed Fedora Core 4. I have this book about setting up LAMP and am now at the part where I am customizing the firewall. I have the following script:

#!/bin/sh
# Change the part after the = to where
# iptables is on your system

IPTABLES=/sbin/iptables

# Flush existing rules

$IPTABLES -F INPUT

# Allow connections going outbound
# from this machine to reply back

$IPTABLES -A INPUT -j ACCEPT -m state --state \
ESTABLISHED -i eth0 -p icmp

$IPTABLES -A INPUT -j ACCEPT -m state --state \
ESTABLISHED -i eth0 -p tcp

$IPTABLES -A INPUT -j ACCEPT -m state --state \
ESTABLISHED -i eth0 -p udp

# Allow incoming SSH requests

$IPTABLES -A INPUT -p tcp --dport 22 -j ACCEPT

# Allow incoming DNS

$IPTABLES -A INPUT -p udp --dport 53 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 53 -j ACCEPT

# Allow incoming HTTP requests (to web server)

$IPTABLES -A INPUT -p tcp --dport 80 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 443 -j ACCEPT

# Allow Ping echo

$IPTABLES -A INPUT -p icmp -j ACCEPT

# Load modules
insmod ip_conntrack_ftp
insmod ipt_LOG
insmod ipt_REJECT
insmod ipt_limit
insmod ipt_state

# The logging is set so if more than 5 packets are dropped
# in three seconds they will be ignored. This
# helps to prevent a DOS attack
# crashing the computer the firewall is running on

$IPTABLES -A INPUT -m limit --limit 3/second \
--limit-burst 5 -i ! lo -j LOG

# Drop and log all other data

$IPTABLES -A INPUT -i ! lo -j DROP

When I run this script (after stopping /etc/init.d/iptables), I get the following error:

[root@localhost ~]# /usr/local/etc/firewall
insmod: can't read 'ip_conntrack_ftp': No such file or directory
insmod: can't read 'ipt_LOG': No such file or directory
insmod: can't read 'ipt_REJECT': No such file or directory
insmod: can't read 'ipt_limit': No such file or directory
insmod: can't read 'ipt_state': No such file or directory
[root@localhost ~]#

The book I'm using uses FC2. Is this why I'm getting these errors? How can I solve this? Thank you in advance!!!
 
Old 10-20-2005, 04:59 AM   #2
cyberjun
Member
 
Registered: Mar 2005
Distribution: Gentoo kernel 2.6.14
Posts: 96

Rep: Reputation: 15
Hi,
It seems the modules have not been built. In Linux, functionality can either be built into the kernel or as loadable modules. Since the insmod command fails, it appears either the modules haven't been built separately or they are already built into the kernel....

Try to comment out these insmod lines with # and then execute the script. No output/error will be returned if the attempt has been successful.

Also check your /var/log/messages file for output from IPTABLES logging.

Cheers,

--cyberjun
 
Old 10-20-2005, 01:02 PM   #3
jun_tuko
Member
 
Registered: Oct 2005
Location: Seattle, WA
Distribution: Fedora Core 4
Posts: 67

Original Poster
Rep: Reputation: 15
hello cyberjun,
thanks for your reply. i'm setting up an ftp server and the book i am reading stated i need those lines (modules loaded). i remember when i installed fc4 that i unchecked the ftp server option so it should not have loaded it. now i did a "yum install ftp" and it did something. but then i get the same result when i run my firewall script.

how can i load these modules using the command line?

thanks. i am a newbie, if any of you gurus would like to reply on this, please provide step by step instructions. thanks again!
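
Added example, not part of any post in this thread: insmod treats its argument as a path to a module file, so a bare name such as ipt_LOG is looked up as a file and produces the "can't read ... No such file or directory" error, while modprobe resolves module names through modules.dep. The sketch below classifies the five modules from the script as loaded, loadable, or built in/absent and prints the modprobe commands without running them; the function names and the sample /proc/modules and modules.dep contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify each module the firewall script tries to load.
# insmod wants a path to a .ko file; modprobe takes a module name and
# resolves it through modules.dep, which is why the bare names fail.

# module_state NAME PROC_MODULES MODULES_DEP
# Prints: loaded | loadable | builtin-or-absent
module_state() {
    name=$1 proc=$2 dep=$3
    # /proc/modules: the first field of each line is a loaded module's name
    if awk -v m="$name" '$1 == m { found = 1 } END { exit !found }' "$proc"; then
        echo loaded
    # modules.dep: "path/to/name.ko[.gz|.xz]: dependencies"
    elif grep -Eq "(^|/)$name\.ko(\.[a-z0-9]+)?:" "$dep"; then
        echo loadable
    else
        echo builtin-or-absent
    fi
}

# plan_modules PROC_MODULES MODULES_DEP
# Prints a modprobe command for each loadable module and a comment for
# the rest. Nothing is loaded here; review the output, then pipe it to sh.
plan_modules() {
    for m in ip_conntrack_ftp ipt_LOG ipt_REJECT ipt_limit ipt_state; do
        case $(module_state "$m" "$1" "$2") in
            loaded)   echo "# $m: already loaded" ;;
            loadable) echo "/sbin/modprobe $m" ;;
            *)        echo "# $m: built in or not shipped with this kernel" ;;
        esac
    done
}

# Constructed sample data (not from the thread) so the example runs offline.
sample=$(mktemp -d)
trap 'rm -rf "$sample"' EXIT
cat > "$sample/proc_modules" <<'EOF'
ipt_state 1857 3 - Live 0xf8a1b000
ip_conntrack 40949 1 ipt_state, Live 0xf8a2c000
EOF
cat > "$sample/modules.dep" <<'EOF'
/lib/modules/KVER/kernel/net/ipv4/netfilter/ip_conntrack_ftp.ko: /lib/modules/KVER/kernel/net/ipv4/netfilter/ip_conntrack.ko
/lib/modules/KVER/kernel/net/ipv4/netfilter/ipt_LOG.ko:
/lib/modules/KVER/kernel/net/ipv4/netfilter/ipt_limit.ko:
/lib/modules/KVER/kernel/net/ipv4/netfilter/ipt_state.ko:
EOF
plan_modules "$sample/proc_modules" "$sample/modules.dep"
# On a real host:
# plan_modules /proc/modules "/lib/modules/$(uname -r)/modules.dep"
```

A module reported as built in or absent needs no load step if the matching iptables rule is accepted; if the rule is rejected, the running kernel does not provide that match or target.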
 
Old 10-20-2005, 02:43 PM   #4
blkcamarozr28
Member
 
Registered: Oct 2005
Location: Honolulu, Hawaii
Distribution: Fedora Core 1-7, CentOS 4/5, Ubuntu/Xubuntu
Posts: 63

Rep: Reputation: 15
When installing FC1-4 they give you an option to install a Firewall. You should select that option and use the GUI to preconfigure your firewall filters. Once it's all loaded up, all you need to do is edit /etc/sysconfig/iptables. From there you can modify the filters. Make sure after you save iptables to do a 'service iptables restart' so the new rules are loaded.

Other options are:

'service iptables start' *Start Firewall
'service iptables stop' *Stop Firewall
'service iptables status' *Check status of Firewall/Rules
 
  

